Over the weekend Android Police went public with details of a major security flaw present on HTC phones running Android. The culprit was HTC’s very own data collection app called Tell HTC.

It turns out that any app you give Internet permissions to on a HTC Android phone can access the data Tell HTC collects. That data can be several megabytes in size and includes lots of personal information. It therefore should not be accessible to anyone but HTC, and then only if you give the company permission to do collect it. As it currently stands, regardless of permission being given, the data is collected and accessible to lots of third-party apps.

HTC was given several days notice as to the issue before the security hole was made public. The company never responded. After the weekend release and YouTube video clearly demonstrating the issue, HTC did finally decide to look into the claims, and has now agreed with the fact there is a security issue.

A patch is now in the works that will be distributed as an over the air update. We don’t know exactly when it will be ready, but HTC has stated it doesn’t know of any app that grabs the data being actively distributed.

The advice given at the weekend still stands for the moment. Be careful what new apps you download to your HTC Android phone until the patch is available and applied. If you want to be extra cautious until that time you can delete the HtcLogger.apk manually from your phone.